CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-5996
HIGH
Panasonic Video Insight VMS < 7.3.2.5 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-5991
HIGH
Cybozu Garoon 4.0.0-4.10.3 - Authenticated SQL Injection
CVSS 7.6
CVE-2019-3760
MEDIUM
RSA Identity Governance and Lifecycle < 7.1.0 P08 - Authenticated SQL Injection in Workflow Architect
CVSS 6.4
CVE-2019-12465
HIGH
LibreNMS < 1.53 - SQL Injection via ajax_rulesuggest.php term Parameter
CVSS 8.1
CVE-2019-10671
HIGH
LibreNMS < 1.47 - Authenticated SQL Injection via graph.php sort Parameter
CVSS 8.8
CVE-2019-16125
CRITICAL
Jobberbase 2.0 - SQL Injection via Category Parameter
CVSS 9.8
CVE-2019-16119
CRITICAL
10Web Photo Gallery <1.5.35 - SQL Injection
CVSS 9.8
CVE-2019-13191
HIGH
IntraMaps 8.0-8.1 - SQL Injection via Search Refine Set Page
CVSS 7.5
CVE-2019-5070
MEDIUM
eFront LMS < 5.2.12 - Unauthenticated SQL Injection via Login Page
CVSS 6.5
CVE-2019-15872
CRITICAL
LoginPress < 1.1.4 - SQL Injection via Settings Import
CVSS 9.8
CVE-2019-11363
HIGH
Snare Central <7.4.5 - SQL Injection
CVSS 7.2
CVE-2019-14314
CRITICAL
Imagely NextGEN Gallery <3.2.11 - SQL Injection
CVSS 9.8
CVE-2019-15659
CRITICAL
Pie Register < 3.1.2 - SQL Injection
CVSS 9.8
CVE-2019-15646
CRITICAL
RSVPMaker < 6.2 - SQL Injection
CVSS 9.8
CVE-2019-15658
HIGH
connect-pg-simple < 6.0.1 - SQL Injection via Untrusted tableName or schemaName
CVSS 7.3
CVE-2019-15533
CRITICAL
xayr xenfcoresharp < 2019-07-16 - SQL Injection in web/verify.php
CVSS 9.8
CVE-2019-15558
CRITICAL
XM^online 2 Common Utils and Endpoints 0.2.1 - SQL Injection
CVSS 9.8
CVE-2019-15557
CRITICAL
XM^online 2 User Account and Authentication Server 1.0.0 - SQL Injection via Tenant Key
CVSS 9.8
CVE-2019-15555
CRITICAL
Wellness < 2019-06-19 - SQL Injection via dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php
CVSS 9.8
CVE-2019-15560
CRITICAL
Reviews Module < 2019-06-04 - SQL Injection in database/index.js
CVSS 9.8
CVE-2019-15559
CRITICAL
hawn < 2019-07-10 - SQL Injection
CVSS 9.8
CVE-2019-15574
CRITICAL
Gesior-AAC < 2019-05-01 - SQL Injection via accountmanagement.php serviceID Parameter
CVSS 9.8
CVE-2019-15573
CRITICAL
Gesior-AAC < 2019-05-01 - SQL Injection via tankyou.php
CVSS 9.8
CVE-2019-15572
CRITICAL
Gesior-AAC < 2019-05-01 - SQL Injection via ServiceCategoryID Parameter
CVSS 9.8
CVE-2019-15571
CRITICAL
ClonOS < 2019-04-30 - SQL Injection in clonos.php
CVSS 9.8
Details
Vulnerabilities
19,852
Exploit Likelihood
High